
Imagine the following scenario: A user is looking online for that
perfect gift this holiday season. He's tried several different
searches and, on one attempt, winds up on an online casino page
after clicking on what claimed to be a link to a retail site.

Sound familiar? It should. Cybercriminals and online scammers are
using the same search engine optimization techniques that
legitimate retailers use to push their pages to the top of search
results.

The goal of black hat SEO is to snare a user "for malicious
purposes," especially when that user was looking for something
else, said Patrik Runald, director of security research at
Websense in San Diego.

Cybercriminals work hard to have their
malicious sites indexed highly in search results returned for
highly trending topics, Runald said.

That Christmas spirit

With the start of the official holiday season, cybercriminals are
targeting shopping-related keywords such as "coupons" and
"holiday sales."

When users search for those keywords, some of the top links on
Google, Bing and other search engines may actually be sites
hosting malware or
rogue anti-virus software, selling counterfeit products,
running survey scams or trying to extract people's personal or
credit-card information.

There are many ways to poison search results. The most common
method is to rig a "payload" Web page with hidden HTML keywords
tied to a seasonal event or big news story. Recent topics have
included the U.S. presidential election and hurricane flooding in
New York.

At this time of the year, attackers tend to use top gift items or
deep discounts on popular electronics items as bait, Runald said.
For example, a site could promise "iPad Mini $99!" or embed
"iPad Mini," "Apple," and "iPhone" in its title and keywords.

Many scammers still insert links to the payload site on websites
with comment and form fields.

"Think of the millions of abandoned blogs that exist that still
allow comments," Runald said.

Adding comments to sites is "still an effective way to manipulate
search algorithms," but it isn't particularly a "fast, nor
nimble" attack, Runald said.

Posting links on Twitter is also an increasingly popular SEO
poisoning technique, as criminals can easily push out links to
the rogue site. Since the links are usually hidden behind
shortened URLs, users aren't always aware they are clicking
on malicious sites until it is too late.

A more effective method is to link the hundreds, if not
thousands, of websites under the criminal's control to the
payload site, Runald said. The attacker may have obtained these
sites as part of previous attacks, such as an effective mass
injection campaign.

"Inserting a single line of code to each of these sites can point
a search engine crawler to index the payload site rather
quickly," Runald said.

SEO poisoning can be effective, and criminals can get set up very
quickly. Within hours after the
earthquake and tsunami hit Japan in 2011, a search for "most
recent earthquake in Japan" returned a host of websites that claimed
to have the latest news but were actually pushing fake anti-virus
software.

The bad guys have developed various automated tools to monitor
and find breaking news topics and trending search terms and then
use the tool's control panel to modify the site content to
exploit those terms.

They are also monitoring
trending topics on Twitter to know what users are searching
for and automatically try to contaminate search results for those
search terms.

There are many simple programs available to automate the process
of SEO poisoning, and new ones are being created every day.
Thanks to these tools, attackers are able to manipulate
legitimate indexing by search engines with just a few clicks,
Runald said.

"Cybercriminals will take the least path of resistance, but they
are only getting more creative," Runald said.

However, it is important to remember that many of the search
engines, including Google and Bing, have improved their filtering
capabilities and are able to detect and remove poisoned results
more rapidly, Runald said.

Two years ago, 22.4 percent of popular trending terms from Google
and Yahoo searches returned malicious results, according to
Websense figures.

Websense is still analyzing the statistics to get the latest
figures for this year, but Runald believes the number has dropped
and that the level of broad SEO poisoning has declined.

Of course, this just means the bad guys are getting more
creative about which search terms to go after. Runald predicted
there will be more targeted SEO poisoning going after
associations, industries, and people with common interests.

The attackers make sure the compromised sites are in the top
results for relevant search terms and wait for the victims to
come. When the victims land on the page while surfing online,
they are compromised.